Solved: Win32 OpenSSH AD user cannot be authenticated by key when sshd server is running by system (password works), but key auth is working for user if user starts openssh by himself with .\sshd.exe -d

tds1
549

"OpenSSH for Windows" version
((Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion)
PS C:\Program Files\OpenSSH> ((Get-Item (Get-Command ./sshd).Source).VersionInfo.FileVersion)
8.1.0.0

Server OperatingSystem
((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion\" -Name ProductName).ProductName)
Windows Server 2016 Standard

Client OperatingSystem
Linux/Windows - same issue

What is failing
Public key authentication/unable to get security token for AD user (local user, working fine)
Similar issue #1053

Expected output
Successful logon

Actual output
Client output from Linux
~/.ssh$ ssh -vvv -o "IdentitiesOnly=yes" -i ./test_key p986_bfr228384_t@10.39.14.133
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "10.39.14.133" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.39.14.133 [10.39.14.133] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file ./test_key type -1
debug1: key_load_public: No such file or directory
debug1: identity file ./test_key-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.1
debug1: match: OpenSSH_for_Windows_8.1 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.39.14.133:22 as 'p986_bfr228384_t'
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 10.39.14.133
debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts"
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:vDYx8dsScX3udfisVBrsouI4rXY+aeIFR1rGDJQXSYs
debug3: hostkeys_foreach: reading file "/home/user/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/user/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from 10.39.14.133
debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts"
debug1: Host '10.39.14.133' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: ./test_key ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ./test_key
debug3: sign_and_send_pubkey: RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 10.39.14.133 ([10.39.14.133]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: send packet: type 1
packet_write_wait: Connection to 10.39.14.133 port 22: Broken pipe

sshd log on the Windows server:

8836 2020-01-22 14:09:28.750 debug2: fd 3 setting O_NONBLOCK
8836 2020-01-22 14:09:28.750 debug1: Bind to port 22 on 0.0.0.0.
8836 2020-01-22 14:09:28.750 Server listening on 0.0.0.0 port 22.
8836 2020-01-22 14:09:34.280 debug3: fd 4 is not O_NONBLOCK
8836 2020-01-22 14:09:34.283 debug3: spawning "C:\Program Files\OpenSSH\sshd.exe" -R
8836 2020-01-22 14:09:34.292 debug3: send_rexec_state: entering fd = 7 config len 274
8836 2020-01-22 14:09:34.293 debug3: ssh_msg_send: type 0
8836 2020-01-22 14:09:34.293 debug3: send_rexec_state: done
9112 2020-01-22 14:09:34.331 debug1: inetd sockets after dupping: 4, 4
9112 2020-01-22 14:09:34.332 Connection from 10.39.34.155 port 33824 on 10.39.14.133 port 22
9112 2020-01-22 14:09:34.332 debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
9112 2020-01-22 14:09:34.332 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
9112 2020-01-22 14:09:34.332 debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
9112 2020-01-22 14:09:34.332 debug2: fd 4 setting O_NONBLOCK
9112 2020-01-22 14:09:34.357 debug3: spawning "C:\Program Files\OpenSSH\sshd.exe" -y
9112 2020-01-22 14:09:34.367 debug2: Network child is on pid 4524
9112 2020-01-22 14:09:34.367 debug3: send_rexec_state: entering fd = 6 config len 274
9112 2020-01-22 14:09:34.367 debug3: ssh_msg_send: type 0
9112 2020-01-22 14:09:34.367 debug3: send_rexec_state: done
9112 2020-01-22 14:09:34.367 debug3: ssh_msg_send: type 0
9112 2020-01-22 14:09:34.367 debug3: ssh_msg_send: type 0
9112 2020-01-22 14:09:34.367 debug3: preauth child monitor started
9112 2020-01-22 14:09:34.406 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
9112 2020-01-22 14:09:34.406 debug3: send packet: type 20 [preauth]
9112 2020-01-22 14:09:34.406 debug1: SSH2_MSG_KEXINIT sent [preauth]
9112 2020-01-22 14:09:34.406 debug3: receive packet: type 20 [preauth]
9112 2020-01-22 14:09:34.406 debug1: SSH2_MSG_KEXINIT received [preauth]
9112 2020-01-22 14:09:34.406 debug2: local server KEXINIT proposal [preauth]
9112 2020-01-22 14:09:34.406 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
9112 2020-01-22 14:09:34.406 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
9112 2020-01-22 14:09:34.406 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
9112 2020-01-22 14:09:34.406 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
9112 2020-01-22 14:09:34.406 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
9112 2020-01-22 14:09:34.406 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
9112 2020-01-22 14:09:34.406 debug2: compression ctos: none,zlib@openssh.com [preauth]
9112 2020-01-22 14:09:34.406 debug2: compression stoc: none,zlib@openssh.com [preauth]
9112 2020-01-22 14:09:34.406 debug2: languages ctos: [preauth]
9112 2020-01-22 14:09:34.406 debug2: languages stoc: [preauth]
9112 2020-01-22 14:09:34.406 debug2: first_kex_follows 0 [preauth]
9112 2020-01-22 14:09:34.406 debug2: reserved 0 [preauth]
9112 2020-01-22 14:09:34.406 debug2: peer client KEXINIT proposal [preauth]
9112 2020-01-22 14:09:34.406 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c [preauth]
9112 2020-01-22 14:09:34.406 debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss [preauth]
9112 2020-01-22 14:09:34.406 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth]
9112 2020-01-22 14:09:34.407 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth]
9112 2020-01-22 14:09:34.407 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
9112 2020-01-22 14:09:34.407 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
9112 2020-01-22 14:09:34.407 debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
9112 2020-01-22 14:09:34.407 debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
9112 2020-01-22 14:09:34.407 debug2: languages ctos: [preauth]
9112 2020-01-22 14:09:34.407 debug2: languages stoc: [preauth]
9112 2020-01-22 14:09:34.407 debug2: first_kex_follows 0 [preauth]
9112 2020-01-22 14:09:34.407 debug2: reserved 0 [preauth]
9112 2020-01-22 14:09:34.407 debug1: kex: algorithm: curve25519-sha256 [preauth]
9112 2020-01-22 14:09:34.407 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
9112 2020-01-22 14:09:34.407 debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none [preauth]
9112 2020-01-22 14:09:34.407 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none [preauth]
9112 2020-01-22 14:09:34.407 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
9112 2020-01-22 14:09:34.409 debug3: receive packet: type 30 [preauth]
9112 2020-01-22 14:09:34.412 debug3: mm_sshkey_sign entering [preauth]
9112 2020-01-22 14:09:34.412 debug3: mm_request_send entering: type 6 [preauth]
9112 2020-01-22 14:09:34.412 debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
9112 2020-01-22 14:09:34.412 debug3: mm_request_receive_expect entering: type 7 [preauth]
9112 2020-01-22 14:09:34.412 debug3: mm_request_receive entering [preauth]
9112 2020-01-22 14:09:34.412 debug3: mm_request_receive entering
9112 2020-01-22 14:09:34.412 debug3: monitor_read: checking request 6
9112 2020-01-22 14:09:34.412 debug3: mm_answer_sign
9112 2020-01-22 14:09:34.414 debug3: mm_answer_sign: KEX signature 000002059233A450(100)
9112 2020-01-22 14:09:34.414 debug3: mm_request_send entering: type 7
9112 2020-01-22 14:09:34.414 debug2: monitor_read: 6 used once, disabling now
9112 2020-01-22 14:09:34.415 debug3: send packet: type 31 [preauth]
9112 2020-01-22 14:09:34.415 debug3: send packet: type 21 [preauth]
9112 2020-01-22 14:09:34.415 debug2: set_newkeys: mode 1 [preauth]
9112 2020-01-22 14:09:34.415 debug1: rekey out after 134217728 blocks [preauth]
9112 2020-01-22 14:09:34.415 debug1: SSH2_MSG_NEWKEYS sent [preauth]
9112 2020-01-22 14:09:34.415 debug1: Sending SSH2_MSG_EXT_INFO [preauth]
9112 2020-01-22 14:09:34.415 debug3: send packet: type 7 [preauth]
9112 2020-01-22 14:09:34.415 debug1: expecting SSH2_MSG_NEWKEYS [preauth]
9112 2020-01-22 14:09:34.418 debug3: receive packet: type 21 [preauth]
9112 2020-01-22 14:09:34.418 debug1: SSH2_MSG_NEWKEYS received [preauth]
9112 2020-01-22 14:09:34.418 debug2: set_newkeys: mode 0 [preauth]
9112 2020-01-22 14:09:34.418 debug1: rekey in after 134217728 blocks [preauth]
9112 2020-01-22 14:09:34.418 debug1: KEX done [preauth]
9112 2020-01-22 14:09:34.469 debug3: receive packet: type 5 [preauth]
9112 2020-01-22 14:09:34.469 debug3: send packet: type 6 [preauth]
9112 2020-01-22 14:09:34.470 debug3: receive packet: type 50 [preauth]
9112 2020-01-22 14:09:34.470 debug1: userauth-request for user p986_bfr228384_t service ssh-connection method none [preauth]
9112 2020-01-22 14:09:34.470 debug1: attempt 0 failures 0 [preauth]
9112 2020-01-22 14:09:34.470 debug3: mm_getpwnamallow entering [preauth]
9112 2020-01-22 14:09:34.470 debug3: mm_request_send entering: type 8 [preauth]
9112 2020-01-22 14:09:34.470 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
9112 2020-01-22 14:09:34.470 debug3: mm_request_receive_expect entering: type 9 [preauth]
9112 2020-01-22 14:09:34.470 debug3: mm_request_receive entering [preauth]
9112 2020-01-22 14:09:34.470 debug3: mm_request_receive entering
9112 2020-01-22 14:09:34.470 debug3: monitor_read: checking request 8
9112 2020-01-22 14:09:34.470 debug3: mm_answer_pwnamallow
9112 2020-01-22 14:09:34.471 debug2: parse_server_config: config reprocess config len 274
9112 2020-01-22 14:09:34.472 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
9112 2020-01-22 14:09:34.472 debug3: mm_request_send entering: type 9
9112 2020-01-22 14:09:34.472 debug2: monitor_read: 8 used once, disabling now
9112 2020-01-22 14:09:34.473 debug2: input_userauth_request: setting up authctxt for p986_bfr228384_t [preauth]
9112 2020-01-22 14:09:34.473 debug3: mm_inform_authserv entering [preauth]
9112 2020-01-22 14:09:34.473 debug3: mm_request_send entering: type 4 [preauth]
9112 2020-01-22 14:09:34.473 debug2: input_userauth_request: try method none [preauth]
9112 2020-01-22 14:09:34.473 debug3: mm_request_receive entering
9112 2020-01-22 14:09:34.473 debug3: monitor_read: checking request 4
9112 2020-01-22 14:09:34.473 debug3: mm_answer_authserv: service=ssh-connection, style=
9112 2020-01-22 14:09:34.473 debug2: monitor_read: 4 used once, disabling now
9112 2020-01-22 14:09:34.473 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
9112 2020-01-22 14:09:34.473 debug3: ensure_minimum_time_since: elapsed 2.994ms, delaying 5.730ms (requested 8.724ms) [preauth]
9112 2020-01-22 14:09:34.479 debug3: userauth_finish: failure partial=0 next methods="publickey,keyboard-interactive" [preauth]
9112 2020-01-22 14:09:34.479 debug3: send packet: type 51 [preauth]
9112 2020-01-22 14:09:34.483 debug3: receive packet: type 50 [preauth]
9112 2020-01-22 14:09:34.483 debug1: userauth-request for user p986_bfr228384_t service ssh-connection method publickey [preauth]
9112 2020-01-22 14:09:34.483 debug1: attempt 1 failures 0 [preauth]
9112 2020-01-22 14:09:34.483 debug2: input_userauth_request: try method publickey [preauth]
9112 2020-01-22 14:09:34.483 debug2: userauth_pubkey: valid user p986_bfr228384_t attempting public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAABgQDNvi2KZKqBzzKPeOj/tId5gtEancCFISa2LUYvEiF7AiPUX670WfEY1CjwNfacbDmF8YqlmUoEhOIkAo6rOnkQb3427KcW3uInnNG1KR3UH3Hy2vppcU23YyCmfoQT4yZwjzc4lZHR8t5u6jSxm51BTWbli2qXI65VFg+I/i5guiwGa8jBBrqfMjTOolEU2yxccb0gliavcg/yE6fa+ZYhBke3rwo6Y/I3Ao8H8WdMn23u0hXTJWw7mKRnUtKQGd4e0+g5PIS10w9l7ZHnq1txEKjBcwlcHWMJUxUVrxoPrjbbXoT2B22SbR7ijpYW5VvgXiS8pIvy2pbytGP4e1acElDiTTJF72veDdwFkD12MFiUkFZvDR7ifLHE2BWh0AhKyy2uY6lCl+qOFTRmzJxWpsQqk0G8mk9ocq9hP2IebXaRQEsKedrvnMe5gwOiknID91naL87tl71ELEfp+zNnQ28iEQLRqgf9PtGH3Wc4U9zuIO/+bhZiIPuOFdJda8U= [preauth]
9112 2020-01-22 14:09:34.483 debug3: userauth_pubkey: have rsa-sha2-512 signature for RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw [preauth]
9112 2020-01-22 14:09:34.483 debug3: mm_key_allowed entering [preauth]
9112 2020-01-22 14:09:34.483 debug3: mm_request_send entering: type 22 [preauth]
9112 2020-01-22 14:09:34.483 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
9112 2020-01-22 14:09:34.483 debug3: mm_request_receive_expect entering: type 23 [preauth]
9112 2020-01-22 14:09:34.483 debug3: mm_request_receive entering [preauth]
9112 2020-01-22 14:09:34.483 debug3: mm_request_receive entering
9112 2020-01-22 14:09:34.483 debug3: monitor_read: checking request 22
9112 2020-01-22 14:09:34.483 debug3: mm_answer_keyallowed entering
9112 2020-01-22 14:09:34.483 debug3: mm_answer_keyallowed: key_from_blob: 00000205922B7E10
9112 2020-01-22 14:09:34.483 debug1: trying public key file C:\Users\p986_bfr228384_t\.ssh/authorized_keys
9112 2020-01-22 14:09:34.485 debug1: C:\Users\p986_bfr228384_t\.ssh/authorized_keys:1: matching key found: RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw
9112 2020-01-22 14:09:34.485 debug1: C:\Users\p986_bfr228384_t\.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
9112 2020-01-22 14:09:34.485 Accepted key RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw found at C:\Users\p986_bfr228384_t\.ssh/authorized_keys:1
9112 2020-01-22 14:09:34.485 debug3: mm_answer_keyallowed: publickey authentication: RSA key is allowed
9112 2020-01-22 14:09:34.485 debug3: mm_request_send entering: type 23
9112 2020-01-22 14:09:34.485 debug3: mm_sshkey_verify entering [preauth]
9112 2020-01-22 14:09:34.485 debug3: mm_request_send entering: type 24 [preauth]
9112 2020-01-22 14:09:34.485 debug3: mm_request_receive entering
9112 2020-01-22 14:09:34.485 debug3: monitor_read: checking request 24
9112 2020-01-22 14:09:34.485 debug3: mm_answer_keyverify: publickey 0000020592325720 signature verified
9112 2020-01-22 14:09:34.485 debug1: auth_activate_options: setting new authentication options
9112 2020-01-22 14:09:34.485 debug3: mm_request_send entering: type 25
9112 2020-01-22 14:09:34.486 Accepted publickey for p986_bfr228384_t from 10.39.34.155 port 33824 ssh2: RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw
9112 2020-01-22 14:09:34.486 debug1: monitor_child_preauth: p986_bfr228384_t has been authenticated by privileged process
9112 2020-01-22 14:09:34.486 debug3: mm_get_keystate: Waiting for new keys
9112 2020-01-22 14:09:34.486 debug3: mm_request_receive_expect entering: type 26
9112 2020-01-22 14:09:34.486 debug3: mm_request_receive entering
9112 2020-01-22 14:09:34.492 debug3: mm_get_keystate: GOT new keys
9112 2020-01-22 14:09:34.492 debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIF [preauth]
9112 2020-01-22 14:09:34.492 debug3: mm_request_receive_expect entering: type 25 [preauth]
9112 2020-01-22 14:09:34.492 debug3: mm_request_receive entering [preauth]
9112 2020-01-22 14:09:34.492 debug1: auth_activate_options: setting new authentication options [preauth]
9112 2020-01-22 14:09:34.492 debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512 [preauth]
9112 2020-01-22 14:09:34.492 debug3: user_specific_delay: user specific delay 0.000ms [preauth]
9112 2020-01-22 14:09:34.492 debug3: ensure_minimum_time_since: elapsed 2.994ms, delaying 5.730ms (requested 8.724ms) [preauth]
9112 2020-01-22 14:09:34.492 debug3: send packet: type 52 [preauth]
9112 2020-01-22 14:09:34.492 debug3: mm_request_send entering: type 26 [preauth]
9112 2020-01-22 14:09:34.492 debug3: mm_send_keystate: Finished sending state [preauth]
9112 2020-01-22 14:09:34.495 debug1: monitor_read_log: child log fd closed
9112 2020-01-22 14:09:34.577 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\p986_bfr228384_t'=>'p986_bfr228384_t@domain'
9112 2020-01-22 14:09:34.595 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\p986_bfr228384_t' Status: 0xC000006D SubStatus 0.
9112 2020-01-22 14:09:34.595 debug3: get_user_token - unable to generate token for user domain\p986_bfr228384_t
9112 2020-01-22 14:09:39.135 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'domain\p986_bfr228384_t'=>'p986_bfr228384_t@domain'
9112 2020-01-22 14:09:39.145 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\p986_bfr228384_t' Status: 0xC000006D SubStatus 0.
9112 2020-01-22 14:09:39.145 error: get_user_token - unable to generate token on 2nd attempt for user domain\p986_bfr228384_t
9112 2020-01-22 14:09:39.145 error: unable to get security token for user domain\p986_bfr228384_t
9112 2020-01-22 14:09:39.145 fatal: fork of unprivileged child failed

9112 2020-01-22 14:09:39.145 debug1: do_cleanup

Log when running with user .\sshd.exe -d
debug1: sshd version OpenSSH_for_Windows_8.1, LibreSSL 2.9.2
debug1: get_passwd: LookupAccountName() failed: 1332.
debug1: private host key #0: ssh-rsa SHA256:jHHFr8IYn3RXO6cfngtaQLKmm0Sf6gDZzM4dVbp6LHQ
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:vDYx8dsScX3udfisVBrsouI4rXY+aeIFR1rGDJQXSYs
debug1: private host key #2: ssh-ed25519 SHA256:nP1DtEduD42OqXY+6drE3bsv9yrWmlo96hPIx2kI4eQ
debug1: rexec_argv[0]='C:\Program Files\OpenSSH\sshd.exe'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 10.39.34.155 port 34412 on 10.39.14.133 port 22
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user p986_bfr228384_t service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: userauth-request for user p986_bfr228384_t service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: trying public key file C:\Users\p986_bfr228384_t\.ssh/authorized_keys
debug1: C:\Users\p986_bfr228384_t\.ssh/authorized_keys:1: matching key found: RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw
debug1: C:\Users\p986_bfr228384_t\.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Accepted key RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw found at C:\Users\p986_bfr228384_t\.ssh/authorized_keys:1
debug1: auth_activate_options: setting new authentication options
Accepted publickey for p986_bfr228384_t from 10.39.34.155 port 34412 ssh2: RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw
debug1: monitor_child_preauth: p986_bfr228384_t has been authenticated by privileged process
debug1: auth_activate_options: setting new authentication options [preauth]
debug1: monitor_read_log: child log fd closed
debug1: Not running as SYSTEM: skipping loading user profile
User child is on pid 12444

53 Answers

✔️Accepted Answer

Update: I managed to get this working with the following workaround:

  1. Comment out all match blocks in sshd_config, and restart sshd service
  2. Disable publickey authentication (I just renamed .ssh/id_rsa on the client)
  3. Log in using the following form: azuread\dfields@microsoft.com@10.0.0.31

This workaround is limited to password authentication; publickey authentication actually works so far as login goes, but hits a secondary failure due to the same issue when trying to spawn the shell process.

@bagajjal when can we expect a more comprehensive solution that works with publickey?
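
The failure mode in this thread (publickey authentication succeeds, then sshd cannot obtain a Windows token to spawn the user's shell) can be picked out of the server log mechanically. The following is an added example, not part of the original issue or of the Win32-OpenSSH code: it groups sshd log lines by PID and flags sessions where an `Accepted ...` line is followed by an `LsaLogonUser()` failure and the fatal fork error. The first session in the sample is excerpted from the log in the question; the second session (`localuser`, 192.0.2.10, PID 7001) and the names `triage` and `SAMPLE_LOG` are constructed for illustration.

```python
import re

# NTSTATUS codes that can show up in the LsaLogonUser() failure line
# (names as defined in ntstatus.h). Unknown codes are reported as raw hex.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Service-mode sshd.log format seen in the question: "<pid> <date> <time> <message>"
LINE = re.compile(r"^(?P<pid>\d+) \d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3} (?P<msg>.*)$")
ACCEPTED = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
S4U_FAIL = re.compile(
    r"generate_s4u_user_token: LsaLogonUser\(\) failed\. "
    r"User '(?P<account>[^']+)' Status: (?P<status>0x[0-9A-Fa-f]+)"
)
FORK_FATAL = "fatal: fork of unprivileged child failed"
USER_CHILD = "User child is on pid"

# PID 9112: lines excerpted from the log in the question.
# PID 7001: constructed healthy session for comparison.
SAMPLE_LOG = r"""
9112 2020-01-22 14:09:34.486 Accepted publickey for p986_bfr228384_t from 10.39.34.155 port 33824 ssh2: RSA SHA256:6P8yS+E6ak3VE1X+em/tc9lFCFgsvxrwHLNzzcvvWhw
9112 2020-01-22 14:09:34.595 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\p986_bfr228384_t' Status: 0xC000006D SubStatus 0.
9112 2020-01-22 14:09:39.145 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'domain\p986_bfr228384_t' Status: 0xC000006D SubStatus 0.
9112 2020-01-22 14:09:39.145 error: unable to get security token for user domain\p986_bfr228384_t
9112 2020-01-22 14:09:39.145 fatal: fork of unprivileged child failed
7001 2020-01-22 14:12:01.100 Accepted publickey for localuser from 192.0.2.10 port 40000 ssh2: RSA SHA256:CONSTRUCTED
7001 2020-01-22 14:12:01.300 User child is on pid 7100
"""


def triage(log_text):
    """Return one finding per sshd session (PID) that logged an 'Accepted ...' line."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines or lines in another format
        msg = m["msg"]
        s = sessions.setdefault(
            m["pid"],
            {"accepted": None, "account": None, "codes": set(),
             "fatal": False, "child": False},
        )
        accepted = ACCEPTED.match(msg)
        s4u = S4U_FAIL.search(msg)
        if accepted:
            s["accepted"] = accepted.groupdict()
        elif s4u:
            s["account"] = s4u["account"]
            s["codes"].add(int(s4u["status"], 16))
        elif FORK_FATAL in msg:
            s["fatal"] = True
        elif msg.startswith(USER_CHILD):
            s["child"] = True

    findings = []
    for pid, s in sessions.items():
        if not s["accepted"]:
            continue  # never authenticated; not the case this check is about
        if s["codes"] and s["fatal"]:
            verdict = "authenticated-but-no-token"  # the symptom reported in this issue
        elif s["child"]:
            verdict = "ok"
        else:
            verdict = "incomplete"  # accepted, but neither outcome was logged
        findings.append({
            "pid": pid,
            **s["accepted"],
            "account": s["account"],
            "verdict": verdict,
            "statuses": [NTSTATUS.get(c, f"0x{c:08X}") for c in sorted(s["codes"])],
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["pid"], f["user"], f["method"], f["verdict"], f["statuses"])
```

A session flagged `authenticated-but-no-token` points at token generation for the account sshd is running under rather than at `authorized_keys` or key permissions.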

25
vifm How to use bat as a fileviewer
Make sure that your truecolor terminal sets the COLORTERM variable to either truecolor or 24bit Othe...
24
libvips Install via package managers on Linux?
Amazon Linux 2 seems to be based on RHEL/CentOS 7[1] so I assume you could use Remi's RPM repository...
23
fluent bit Errors when forwarding to ElasticSearch
@edsiper I've got the same problem also related to es_rejected_execution_exception but: It should st...
23
systemd Access mounted (ip netns ...) network namespaces.
FWIW I came up with a simpler minimalistic version of @CrackerJackMack's solution above: Then ...
22
allegro5 Android build fails due to deprecated 'android' command
I have searched and found no replacement for the android update project command ...
22
neovim Pip already installed neovim but module not found
Try pip uninstalling both neovim and pynvim and then reinstalling just pynvim -- that worked for me ...
22
xrdp VNC Problem connecting
[SOLVED] I got the same error in CentOS 7.5 with Xfce desktop I had struggled for several days with ...
21
awesome Intellij dialog windows close immediately
Same problems with PyCharm 2018.1 and Idea 2018.1 Popups are problematic As @p-himik in #2233 said c...
21
Pillow Unable to install Pillow on the Macbook Pro 13 M1 Silicon
If it helps anyone on Apple Silicon brew install libjpeg pip install Pillow works ! ...
20
neovim cannot copy unicode characters
I had a similar problem: when copying texts letters with accents were swapped by other characters (e...
20
radare2 Unable Detect Clang Compiler in MacOS
@SajjadPourali and @ZhangZhuoSJTU are you using binutils from brew (Check with brew list | grep binu...
19
fluent bit Duplicate @timestamp fields in elasticsearch output
@edsiper I would reopen this I have this config: and keep getting error like this one: ...
19
lxc Unable to mount squashfs inside unprivileged container (mount failed: Unknown error -1)
For anyone who may be interested in installing Nextcloud via Snap in a Proxmox LXC container the fol...
19
neovim E886: System error while opening ShaDa file for writing: no such file or directory
I got this error on elementaryOS 5.1 Neovim v0.2.2 nvim --version: v0.4.0-609 Vim (version: ) behave...
18
conan "Please log in to "conan-center" to perform this action." for several packages
Conan 1.18.5 has been released limiting urllib3 < 1.25.4 To help us debug your issue please explain:...
17
mpv Better scaletempo (on high speed x1.5-x3)
@TiGR @wiiaboo I've fine tuned the settings a bit and this is what I got I've been watching some tal...
17
vim [discuss] Popup Window API design.
I have added a detailed design in patch 8.1.1329 Feel free to comment. This is not an issue but I ha...
16
goaccess Support structured log formats such as JSON
Native JSON support has been added Feel free to build from development to test this out It will be p...